Skip to main content

Worklet: Install Forticlient VPN and provision gateway

M
Forum|alt.badge.img

Hi Guys, We use Fortigate Firewall/VPN Concentrators and needed an easy way to push out the newest client with all the gateway settings pre-applied. Shoutouts to @awhitman for helping point us in the right direction with a couple free professional hours.

So basically what we do is run the installer, and then in order to actually modify all the settings we want, we need to throw some regkeys in the HKLM-Software hive. This will allow us to push the app to the end user and its prepopulated with the right URL/path/etc

It’s worth noting, theres 2 versions of the forticlient VPN software, online and full. Online is readily available but if you want the full installer, you need to logon to forticare and download it behind a membership wall.

Things to change:
$pathtourl is your publically accessible vpn concentrator
$gateway is what the end user will see for a friendly name.

Start-Process -Wait -FilePath "FortiClientVPNSetup_6.4.1.1519_x64.exe" -ArgumentList "/S /v /qn /norestart" -passthru

$scriptblock = {
$pathtourl = "Your VPN PATH HERE"
$gateway = "Your desired description name"

$path1 = "HKLM:\\SOFTWARE\Fortinet\FortiClient"
$path2 = "HKLM:\\SOFTWARE\Fortinet\FortiClient\Sslvpn"
$path3 = "HKLM:\\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels"
$RegKeyExists = "HKLM:\\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\$gateway"
New-Item -Path $path1 -Name "Sslvpn"
New-Item -Path $path2 -Name "Tunnels"
New-Item -Path $path3 -Name "$gateway"
New-ItemProperty -Path $RegKeyExists -Name 'promptcertificate' -Value '0' -PropertyType DWORD -Force
New-ItemProperty -Path $RegKeyExists -Name 'promptusername' -Value '1' -PropertyType DWORD -Force
New-ItemProperty -Path $RegKeyExists -Name 'Description' -Value "$gateway" -Force
New-ItemProperty -Path $RegKeyExists -Name 'Server' -Value "$pathtourl" -Force
New-ItemProperty -Path $RegKeyExists -Name 'ServerCert' -Value '1' -Force
}
$exitCode = & "$env:SystemRoot\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -NonInteractive -Command $scriptblock
Exit $exitCode

    5 replies

    M
    • Min
    • 0 replies
    • October 4, 2021

    Hi There,

    I am sorry, I am quiet new to this forum as well as Automox. the above stated code should be under Evaluation Code ? or Remediation Code. Because there are two boxes that we have to fill up the script. Appreciate for help.

    M
    1 person likes this
    • M
      Mrichards
    M
    Forum|alt.badge.img
    • Mrichards
    • Author
    • Power User
    • 58 replies
    • October 6, 2021

    Use required software instead of a worklet, then just copy/paste the code into that codebox ? Also welcome to the community and feel free to join our community slack channel if you’d like!


    Thanks to @Mrichards we how have an Automox community slack:


    This is a community-run chatroom, so not an official support channel, but I and other Automox folks will be in there to answer quick questions. Hope to see you in there!

     

    M
    1 person likes this
    M
    • Min
    • 0 replies
    • October 7, 2021

    Thanks Mrichards, I am still confused with worklets and required software 🙂
    much appreciated. By the way, is there any code to install this Fortinet for MacOS too?

    J
    Forum|alt.badge.img
    • jhamman
    • Novice
    • 9 replies
    • July 12, 2022

    I was able to get the installer to work great which is usually my sticking point, but I can not get the registry entries to go where they need to go.  They keep going in the WOW6232Node branch.  Any thoughts would be greatly appreciated.

    J
    Forum|alt.badge.img
    • jhamman
    • Novice
    • 9 replies
    • July 13, 2022

    I overthought this...the entry for the PowerShell has to include the ..\sysnative\..  Dont understand it since the folder is not there, but it works.  Also extracted the MSI instead of the EXE which makes it easier pulling into the required software.  Here is that syntax.

    Start-Process -FilePath 'msiexec.exe' -ArgumentList '/qn', '/i', '"FortiClientVPN.msi"' -Wait -Passthru

    BrandonG-Automox
    1 person likes this
    • BrandonG-Automox
      BrandonG-Automox

    Reply


    Terms & ConditionsCookie settings

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings